Re: sudoing into root
- Subject: Re: sudoing into root
- From: Gnarlodious <email@hidden>
- Date: Mon, 24 May 2004 08:24:05 -0600
Yes, editing a file in situ is not a problem but writing a new file is.
It seems that editing an existing file does not involve the container's
ownership but when writing a nonexistent file suddenly the container's
ownership is called into the equation.
The solution is to set the container's owner to a qualified user or group
before writing the file and then change it back afterwards.
This was not a problem until recently, when I modified my sudoers file to
remove myself as a sudoer.
With this line giving me uncontrolled access:
user ALL=(ALL) NOPASSWD:ALL
it turned out I was writing scripts that others could not authenticate.
I suppose I shall maintain one machine with myself as 'unsudoed' for script
testing purposes. The sudoers file trick really makes it a lot easier to "do
stuff" but it is not easily edited, in fact, it will not even run if
permissions and mode are not right.
So, an Applescript for sudoers toggling? What a concept!
-- Gnarlie (close to solving the "Disable Rendezvous" problem!)
Entity Axel Luttgens spoke thus:

Yes, this helps to explain the behavior observed by Gnarlie.

Axel

Christopher Nebel wrote:

> On May 23, 2004, at 3:00 AM, Axel Luttgens wrote:
>
>> Would be interesting to know how exactly the 'do shell script ...
>> with administrator privileges' is implemented, and what are its
>> relationships with authorization services and sudo.
>
> Currently, 'do shell script "x" with administrator privileges' gets
> turned into this [1]:
>
> sh -c 'echo password | sudo -S x'
>
> If you don't supply the password in the command itself, you get a
> dialog asking for it.
>
> However, this is bogus in at least three ways that I can think of off
> the top of my head, and it's all being rewritten to use the Security
> APIs instead of sudo(8)

Would indeed be more consistent with the behavior of MacOS apps.

> -- coming to a Future Release near you.

Aaaah...

> --Chris Nebel
> AppleScript Engineering
>
> [1] Technically, it calls execve("/bin/sh", { "sh", "-c", "echo
> password | sudo -p \"\" -S x" }, *(_NSGetEnviron())).

_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.
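
A check for the two sudoers points raised in the message above (the blanket NOPASSWD line and the ownership/mode requirement), as an added example that is not part of the original post. It assumes the usual root-owned, mode 0440 sudoers file; the function names, the uid override and the sample rules other than the quoted line are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed data, not a script from the thread.

# Print "who:lineno" for each rule granting NOPASSWD on ALL commands.
# Limitation: backslash-continued lines are not joined.
find_nopasswd_all() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }  # settings and aliases
        /NOPASSWD:[ \t]*ALL([ \t,]|$)/ { print $1 ":" NR }
    ' "$1"
}

# Return 0 only if the file is mode 0440 and owned by the expected uid.
# The uid argument is a hypothetical override for checking a copy;
# it defaults to 0 (root), which is assumed for the live file.
check_sudoers_perms() {
    want_uid=${2:-0}
    set -- $(ls -ln "$1")                   # $1 = mode string, $3 = numeric owner
    mode=$(printf '%s' "$1" | cut -c1-10)   # drop any ACL/xattr suffix
    [ "$mode" = "-r--r-----" ] && [ "$3" = "$want_uid" ]
}

# Constructed sample: the line from the message plus two narrower rules.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample sudoers
Defaults env_reset
user ALL=(ALL) NOPASSWD:ALL
%admin ALL=(ALL) ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
}

# Demo on a temporary copy; nothing here touches /etc/sudoers.
tmp=$(mktemp)
write_sample "$tmp"
chmod 0440 "$tmp"
echo "passwordless ALL grants: $(find_nopasswd_all "$tmp")"
if check_sudoers_perms "$tmp" "$(id -u)"; then echo "mode/owner ok"; fi
rm -f "$tmp"
```

Edits to the live file are best made through visudo, which syntax-checks the result before installing it.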